Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5407 | 2 Fedoraproject, X.org | 2 Fedora, Libxv | 2017-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | |||||
| CVE-2015-8929 | 2 Libarchive, Suse | 4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | |||||
| CVE-2015-3815 | 1 Wireshark | 1 Wireshark | 2017-06-30 | 5.0 MEDIUM | N/A |
| The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. | |||||
| CVE-2014-8501 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2017-06-30 | 7.5 HIGH | N/A |
| The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. | |||||
| CVE-2017-9220 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. | |||||
| CVE-2017-9219 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. | |||||
| CVE-2017-9871 | 1 Lame Project | 1 Lame | 2017-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2017-9761 | 1 Radare | 1 Radare2 | 2017-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||||
| CVE-2017-8547 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2017-06-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | |||||
| CVE-2017-9754 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9752 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. | |||||
| CVE-2017-9753 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9745 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9744 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-8528 | 1 Microsoft | 6 Office, Windows 7, Windows 8.1 and 3 more | 2017-06-26 | 9.3 HIGH | 8.8 HIGH |
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283. | |||||
| CVE-2017-8519 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8.1 and 3 more | 2017-06-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547. | |||||
| CVE-2017-8521 | 1 Microsoft | 2 Edge, Windows 10 | 2017-06-21 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549. | |||||
| CVE-2017-8513 | 1 Microsoft | 2 Powerpoint, Sharepoint Server | 2017-06-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". | |||||
| CVE-2017-8238 | 1 Google | 1 Android | 2017-06-16 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. | |||||
| CVE-2016-7820 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2017-06-16 | 9.0 HIGH | 7.2 HIGH |
| Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | |||||